Version 14, last updated by eduprey at April 12, 2008 22:37 UTC
Target Software
The following is a list of freely available off-the-shelf (OTS) web applications to use as targets for testing. The goal is to obtain broad coverage of languages and application types, with a focus on real-world enterprise-class applications. For convenience and common reference in testing, a small VM of a Common Attack Target is made available when possible -- this common target is generally an old version of the software containing known vulnerabilities, used to verify the scanner's detection capabilities.
- SquirrelMail - Webmail client (PHP)
  - Target Virtual Machine [uLAMP + SquirrelMail 1.4.0 RC1]
- PHPBB - Forum Software (PHP)
  - Target Virtual Machine [uLAMP + PHPBB 2.01]
- Bugzero - Software for defect tracking and help desk customer support system (Java)
- KnowledgeTree - Document management system. (Java/PHP?)
- FCKeditor - AJAX text editor. (C# / ASP.NET)
- Webmin - A Web-based interface for Unix system administration. (Perl)
- SugarCRM - CRM tool (PHP)
- MediaWiki - Wiki software (PHP)
  - Target Virtual Machine [uLAMP + WordPress 1.5]
- WordPress - A standards-compliant Weblog/CMS. (PHP)
- Zimbra Collaboration Suite - Collaboration (Java)
Known-vulnerable OTS-type software:
- Old versions of PHPBB (especially 2.01) (PHP)
  - Target Virtual Machine [micro-LAMP server + PHPBB 2.01]
- Foundstone Hack-me targets (downside: requires proprietary, non-gratis software)
A footnote in honor of the Hack-it-yourself-auction from F5 (formerly Magnifire).
- Phpauction.org - The original project that HIYA was based on, last updated 2003.
- Phpauction NG GPL - A currently updated version (related, or just coincidental naming?)